projects / koha.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: feeab2b) | patch
Bug 19612: Fix XSS in members/memberentry.pl
authorAmit Gupta <amit.gupta@informaticsglobal.com>
Mon, 13 Nov 2017 03:35:14 +0000 (09:05 +0530)
committerJonathan Druart <jonathan.druart@bugs.koha-community.org>
Tue, 9 Jan 2018 19:01:50 +0000 (16:01 -0300)
commite0e063a85b654af623ea1da068d6fd23e8ec3833
treed426b980baa849f076f77ffc15af1a675a97d1c7tree | snapshot
parentfeeab2b3a0f78a600560395326b4538104e25ff1commit | diff
Bug 19612: Fix XSS in members/memberentry.pl

To Test
1. Hit the page /cgi-bin/koha/members/memberentry.pl
2. Add a text in the field address, address2, city, state, country,
   zipcode, B_streetnumber, B_city, B_country, B_zipcode that contains js
3. Save the page.
4. Notice js is execute
5. Apply patch and reload, the js is escaped

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
koha-tmpl/intranet-tmpl/prog/en/includes/member-display-address-style-us.inc diff | blob | history
koha-tmpl/intranet-tmpl/prog/en/includes/member-display-alt-address-style-us.inc diff | blob | history
koha-tmpl/intranet-tmpl/prog/en/modules/members/moremember.tt diff | blob | history
Koha ILS @ FFZG - based on git://git.koha.org/pub/scm/koha.git